Part 1:

Answer the following questions by clearly circling the most appropriate answer [ 1 point each ] 


1. In the case of the digital signature, the hash value of a message is encrypted with a user's 
private key. Anyone who knows the user's public key can verify the integrity of the 
message. Is this statement true or false? 
a. True

b. False 


2. In hash function requirements, for any given hash value h, it is computationally feasible to 
find y such that H(y)= h. Is this statement true or false? 
a. True 



3. Which of the following is not a requirement for a hash function H:

(a) H produces a variable length output

b. It is computationally infeasible to find any pair (x,y) such that H(x) = H(y).

c. For any x it is computationally infeasible to find y ≠ x such that H(y) = H(x).

d. For any h it is computationally infeasible to find x such that H(x)=h. 

4. Which of the following techniques is the best for the distribution of public keys: 

a. Public announcement
b. Publicly available directory
c. Public-key certificates
d. Public Authority
e. All of the above



5. Which of the following is not a many-to-one function for message M:

a. MAC (M, K)

b. Hash (M)

(c) RSA_Encryption (M, e, n), where e and n are the public key

d. Digital Signature (M)


6. Which of the following is not true on a Certificate scheme: 

a. Only the CA can create and update certificates. 

(b) Only the participant can sign certificates

(c) Any participant can read a certificate

d. Any participant can verify that the certificate originated from the certificate authority (CA).


7. Message Authentication is concerned with: 



a. Protecting e-Commerce applications
b. Protecting the integrity of a message
c. Provide the identity of an attacker
d. Provide authentication and confidentiality


8. In simple key distribution, a man-in-the-middle attack can occur by an opponent who may impersonate both communicating parties A and B as follows:

1. A generates [PU_A, PR_A] and transmits (PU_A, ID_A) to B

2.

3. B generates secret key K_s and sends E(K_s, PU_E) to A

4. E intercepts, learns K_s from D(E(K_s, PU_E), PR_E)

5. E transmits E(K_s, PU_A) to A

Step no. 2 is missing. Which of the following is the missing step?

a. E intercepts, creates [PU_E, PR_E], sends (PU_E, ID_A) to A
b. E intercepts, creates [PU_E, PR_E], sends (PU_E, ID_E) to B
c. E intercepts, creates [PU_E, PR_E], sends (PU_E, ID_A) to B
d. E intercepts, creates [PU_E, PR_E], sends (PR_E, ID_A) to B


9. On many occasions, systems have been broken not because of a poor encryption algorithm, but because of poor key selection or management. Which of the following is a desirable action in response to the above?

(a) Frequent key changes

b. Frequent algorithm changes

c. Use multiple encryption algorithms

(d) Use multiple key-exchange algorithms


10. Which of the following is an SSL protocol? 

(a) Handshake protocol

b. Transport layer security protocol 

c. RSA key-exchange protocol 

d. Connection and session authentication protocol 

Part 2:

1. Suppose that Alice chooses for an RSA system the primes p = 29, and q = 17, and the public key e = 31. [ 4 points ]

(a) Write the equation to encrypt the plaintext M = 245. 


(b) Write the equation to determine the private key d. 


2. In the RSA public encryption scheme:

i. What are the steps for RSA key generation, i.e. creating the public and private keys? The first and last steps are given for you. [ 3 points ]

1. Selecting two large primes at random: p, q

2.

3.

4.

5. Publish the public encryption key: KU = {e, N}

6. Keep secret the private decryption key: KR = {d, N}


3. Given a hash value h with an n-bit length for an unknown message, explain a brute force attack to find a message with the same hash value h and the level of effort. [ 2 points ]

4. Explain an attack by an adversary who wishes to find two messages or data blocks, x and y, that yield the same hash function: H(x) = H(y). [ 3 points ]

5. List two main functionalities that digital signatures provide. [ 2 points ]

6. To provide both confidentiality and authentication to a message M, A can encrypt M first using its private key, which provides the digital signature, and then using B's public key, which provides confidentiality. What is the disadvantage of this approach? [ 1 point ]

7. Assume two communicating parties A and B authenticated each other. Now A and B want to communicate messages and authenticate them without the burden of using public key. What do you propose? [ 2 points ]

8. Explain why MAC is not a digital signature. [ 1 point ]


9. A brute force attack on a hash function depends solely on the length of the hash code. A brute force attack on a MAC depends on which two factors? [ 2 points ]

Part 3:

1. What protocols comprise SSL? [ 2 points ]

2. What is an SSL session?

3. What is the purpose of the dual signature in the SET protocol? [ 1 point ]

4. In the SET protocol, the merchant forwards to the payment gateway encrypted blocks of related payment information sent by the cardholder. What do the encrypted blocks contain, and what type of verification does the payment gateway perform from it? [ 3 points ]

5. In the figure below, the order in which hash and encryption functions are performed is critical. What may go wrong with the below scheme? (F is a hash function). [ 2 points ]